Overload the AwsKmsClient register function

tink-crypto / tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

https://developers.google.com/tink

Apache License 2.0

13.47k stars 1.18k forks source link

Overload the AwsKmsClient register function #606

Closed yoavamit closed 1 year ago

yoavamit commented 2 years ago

The AwsKmsClient constructor methods are deprecated. Instead of explicitly constructing the client, the register() function should be used.

This commit overloads the register() function so it could initialize an AwsKmsClient using an AWSCredentialsProvider.

By exposing the overloaded function, users of the library can avoid using the deprecated constructor.

juergw commented 1 year ago

Sorry that there has not been a rely on this yet.

We are currently changing how the KMS integration works. We don't want users to register clients anymore, so that will be deprecated. So I don't think it makes sense to include this PR.

Note that the constructor is not deprecated anymore now.

Instead of registering, the user should call "client.getAead" to get the remote Aead, and use that to encrypt their keyset, or to create an envelope encryption Aead.